How to view the threat list on Symantec endpoint security products
Article: TECH200963 | Created: 2012-12-18 | Updated: 2012-12-19 | Article URL: http://www.symantec.com/docs/TECH200963
Is there a way to display all of the threat names which a Symantec endpoint security product detects?
The threat list can be displayed within the following products. Details on the threat families listed can be found on the Security Response online site.
To view the list on a SEP 11.x or SEP 12.1.x client:
- In the client, on the Status page, next to Antivirus and Antispyware Protection (11.x) or Virus and Spyware Protection (12.1.x), click Options > View Threat List.
A Detectable Risk List window opens, displaying a list of all detections for this component in the current definition set. You cannot export or search this list.
To view the list on a SEP for Mac client:
- Open SEP for Mac through the menu bar icon, or via Applications > Symantec Solutions > Symantec Endpoint Protection.
- In the menu bar, click Tools > Virus Info.
- The Virus Definitions Info window opens, displaying a list of all detections in the current definition set. You cannot export this list.
- To search the list for a specific threat or threats, enter some or all of a threat name next to Display names containing. The list updates as you type.
- For specific information on a detection, click that detection's name, and then click Learn More. This action opens a new window with information from Security Response.
To view the list on a SAVFL client:
- Open a terminal (command line interface) and navigate to the Symantec AntiVirus directory.
Note: This is the default installation location.
- Type sav info -t, and then press Enter to display the list within the terminal window.
To save this list to a text file, type sav info -t > ~/risklist.txt, and then press Enter.
This will save the text file risklist.txt to your user directory.
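Once the list is saved as a text file, it can be searched and compared across definition updates from the shell. The following is an added example, not part of the original Symantec article: it assumes the saved file holds one threat name per line, and the function names and sample threat names are constructed for illustration.

```shell
#!/bin/sh
# Added example: helpers for risk lists saved with `sav info -t > FILE`.
# Assumption: each saved file holds one threat name per line.

# risk_search FILE TEXT
# Case-insensitive, fixed-string search, so dots or brackets in a threat
# name are matched literally rather than as regex metacharacters.
risk_search() {
    grep -i -F -- "$2" "$1"
}

# risk_normalise FILE
# Strip carriage returns and blank lines, then sort uniquely
# (comm requires sorted input).
risk_normalise() {
    tr -d '\r' < "$1" | sed '/^[[:space:]]*$/d' | LC_ALL=C sort -u
}

# risk_added OLD NEW
# Print names present in NEW but absent from OLD, for example to see
# which detections a definitions update introduced.
risk_added() {
    old_sorted=$(mktemp) || return 1
    new_sorted=$(mktemp) || { rm -f "$old_sorted"; return 1; }
    risk_normalise "$1" > "$old_sorted"
    risk_normalise "$2" > "$new_sorted"
    LC_ALL=C comm -13 "$old_sorted" "$new_sorted"
    rm -f "$old_sorted" "$new_sorted"
}

# make_samples DIR
# Write two constructed snapshots (not real definition content) into DIR.
make_samples() {
    printf '%s\n' 'Sample.Worm.A' 'Sample.Trojan.B' \
        > "$1/risklist-old.txt"
    printf '%s\n' 'Sample.Trojan.B' 'Sample.Worm.A' \
        'Sample.Downloader.C' 'sample.worm.d' \
        > "$1/risklist-new.txt"
}

# Usage, after saving a snapshot before and after a definitions update:
#   risk_search ~/risklist.txt worm
#   risk_added ~/risklist-old.txt ~/risklist.txt
```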
To view the list on a SEPME 6 or SMS 7.2 client:
- Open the product's interface.
- Click Menu > Threat Definitions.
Information on the definition versions and the threats covered is displayed.
Given the amount of malware currently in circulation, Symantec recommends protecting every endpoint in an enterprise network (server, laptop, desktop, embedded point-of-sale (POS) and mobile device) with an up-to-date client. It is not sufficient to install an endpoint security program on one server with the expectation it will keep all its clients protected. It is also extremely risky to run LiveUpdate less often than once per day.
Essential information from Symantec Security Response can be found in the article Symantec Endpoint Protection – Best Practices.
Will SEP for Mac detect and remediate only threats that are designed to target Macintosh computers? Will SAV for Linux only detect and remediate Linux threats?
- SEP on Windows will detect all known Linux threats, Windows threats, and Mac threats.
- SEP on Mac will detect all known Linux threats, Windows threats, and Mac threats.
- SAVFL on Linux computers will detect all known Linux threats, Windows threats, and Mac threats.
- Symantec Mobile Security 7.2 / SEP Mobile Edition on Windows Mobile will only catch threats that are designed to target the Android/WM platforms (not the full range of Windows, Linux and Mac definitions).
For example: if an organization has a file server that is running Linux and is defended by SAV for Linux, that server can block threats that target the environment's Windows clients.
SMS 7.2 on an Android or Windows Mobile phone does not have the memory, CPU, and other resources to detect every threat for every platform. Mobile products are designed to protect only the mobile device.